Signs That Your Account May Have Been Compromised
A compromised account doesn't always mean your assets suddenly vanish. The following signs could all indicate that your account security has been threatened: receiving login verification emails or SMS you didn't initiate; seeing unfamiliar IP addresses or device records in "Recent Activity" after logging in; unexplained changes in the quantity of a certain token in your holdings; receiving official Binance email notifications about new API keys being created; your withdrawal whitelist being modified or unfamiliar addresses being added. Don't take chances with any of these anomalies — act immediately. If you're looking for a secure and reliable exchange, you can register with Binance through the official link and complete your security settings right after registration.
Step One: Disable Your Account Immediately
The most urgent action after discovering an anomaly is to freeze your account. Open the Binance APP or web client, go to "Security Center," find the "Disable Account" button, and confirm. Once disabled, all account functions — login, trading, withdrawals — are suspended.
If you can no longer log in normally (password was changed), don't panic. On the Binance login page, find the "Security Concern" or "Account Locked" link and execute an emergency freeze through your registered email verification. If your email was also changed, contact Binance customer support directly with identity proof to freeze the account.
Every minute between discovering the anomaly and completing the freeze is critical — the intruder could be transferring your assets.
Step Two: Assess the Damage
After the account is frozen, the hacker can no longer operate. Now check the notification emails from Binance to piece together a timeline of abnormal activities:
- Were there any withdrawal records? To what addresses? How much?
- Were there any trade records? Was someone deliberately buying high and selling low to transfer your assets?
- Were any API keys created or modified?
- Were any security settings changed? Such as 2FA methods, bound email, or phone number
Record this information — you'll need it when reporting to Binance support and potentially to law enforcement.
Step Three: Investigate the Intrusion Path
Before restoring your account, you must figure out how the hacker got in, otherwise you might be compromised again after recovery. Common intrusion paths include:
Phishing attacks: Clicked a link in a fake "Binance" email and entered your credentials on a counterfeit website. Check your browser history for suspicious domains.
Password leaks: Used the same password on Binance as on another website that suffered a data breach. You can check if your email appears in known breach databases at haveibeenpwned.com.
Malware: A keylogger or remote control software was installed on your phone or computer. Check if you recently installed any software from unknown sources and run a full antivirus scan.
SIM card hijacking: If you use SMS as your primary verification method, hackers may have obtained control of your phone number through social engineering attacks on your carrier.
API key leaks: If you used Binance API keys on third-party platforms with insufficient security, the keys may have been stolen.
Step Four: Eliminate Security Vulnerabilities
Take corresponding measures based on your investigation:
- Change your Binance account password to a completely new strong password (at least 16 characters, including uppercase, lowercase, numbers, and special characters)
- Change your registered email password and enable two-step verification for the email as well
- If you suspect malware on your device, factory reset or switch to a new device
- Delete all API keys and recreate them if needed
- If it was SIM hijacking, contact your carrier to report and replace the SIM, and switch to Google Authenticator on Binance
Step Five: Restore Your Account
After eliminating vulnerabilities, you can apply to restore your account. On the Binance website login page, click "Restore Account" and follow the system guidance to complete identity verification. During restoration, you'll be required to set up a new 2FA verification method.
After restoration, immediately execute the following:
- Bind Google Authenticator
- Set a brand new anti-phishing code
- Enable withdrawal whitelist functionality
- Clean up the device management list, keeping only the current device
- Review and update the withdrawal address whitelist
It's recommended not to make large trades or withdrawals within 48 hours of restoration — monitor for any remaining abnormal activity.
Step Six: Consider Filing a Police Report
If asset losses are confirmed, filing a police report is recommended. Prepare the following materials: Binance account information, details of abnormal operations with timestamps, withdrawal records and target addresses, your identity documents. Although recovering crypto assets is challenging, a police report may be useful in the future, and if the amount is significant, law enforcement and Binance's security team may get involved in the investigation.
Also submit a security incident report through the customer support channel in the Binance APP. Binance has a dedicated security team that handles such cases and can track on-chain fund flows and freeze related accounts when necessary.
FAQ
Q: Are my assets still there after disabling my account? A: Disabling only freezes all operations — your assets remain in your account and won't disappear. You simply cannot perform any operations temporarily.
Q: What if the hacker already withdrew my funds before I froze the account? A: Immediately report the theft through customer support and provide the withdrawal addresses. Binance will attempt to trace the fund flow. If the funds were transferred to other regulated exchanges, they may potentially be frozen. Also file a police report as soon as possible.
Q: Is there a cooldown period after account restoration? A: Yes. After resetting 2FA, there's typically a 24-48 hour withdrawal cooldown period during which you cannot withdraw but can trade normally. This is an additional security safeguard.
Q: How can I tell if a "Binance security alert" email is real or phishing? A: Check if the sender address is from Binance's official domain and whether the email contains your anti-phishing code. If you've set up an anti-phishing code but the email doesn't display it, it's almost certainly a phishing email. Don't click any links in the email — manually type the Binance website address to log in and verify.